#ifndef _NTPSAPI_H
//
// Threads
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)
/**
* Opens a handle to an existing thread object.
*
* \param ThreadHandle A pointer to a variable that receives the thread object handle.
* \param DesiredAccess The access rights requested for the thread object (a THREAD_* access mask). Request only the rights the caller actually needs rather than THREAD_ALL_ACCESS.
* \param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that specifies the attributes of the returned handle. Annotated _In_ in this declaration, so it is not optional here.
* \param ClientId Optional. A pointer to a CLIENT_ID structure that identifies the thread to be opened.
* \return NTSTATUS Successful or errant status.
* \remarks Close the returned handle with NtClose when it is no longer required.
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThread(
_Out_ PHANDLE ThreadHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ PCOBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ PCLIENT_ID ClientId
);
#ifndef _NTZWAPI_H
/**
* Zw-prefixed counterpart of NtOpenThread, declared with an identical parameter list.
*
* \param ThreadHandle A pointer to a variable that receives the thread object handle.
* \param DesiredAccess The access rights requested for the thread object. Request only the rights the caller actually needs.
* \param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure (annotated _In_, so required in this declaration).
* \param ClientId Optional. A pointer to a CLIENT_ID structure that identifies the thread to be opened.
* \return NTSTATUS Successful or errant status.
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenThread(
_Out_ PHANDLE ThreadHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ PCOBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ PCLIENT_ID ClientId
);
/*
 * Alternate prototype of NtOpenThread shown on this page.
 * It differs from the NTSYSCALLAPI declaration in two ways: ObjectAttributes is a
 * non-const POBJECT_ATTRIBUTES, and ClientId is annotated _In_ (required)
 * rather than _In_opt_.
 *
 * ThreadHandle     - receives the handle to the opened thread object.
 * DesiredAccess    - access mask requested for the handle; keep it to the
 *                    minimum set of THREAD_* rights the caller needs.
 * ObjectAttributes - pointer to an OBJECT_ATTRIBUTES structure.
 * ClientId         - pointer to a CLIENT_ID structure identifying the thread.
 */
NTSTATUS NtOpenThread(
_Out_ PHANDLE ThreadHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_ PCLIENT_ID ClientId
);
Opens a handle to an existing thread. This function is documented in Windows SDK.
- ThreadHandle - a pointer to a variable that receives a handle to the thread.
- DesiredAccess - the requested access mask.
- ObjectAttributes - a pointer to an OBJECT_ATTRIBUTES structure that specifies attributes of the handle. Use InitializeObjectAttributes to initialize this structure.
- ClientId - a pointer to the variable that indicates the client ID of the thread to open. You can omit the process part of the structure by specifying NULL in UniqueProcess.

Access mask | Use |
---|---|
THREAD_TERMINATE |
Allows terminating the thread via NtTerminateThread . |
THREAD_SUSPEND_RESUME |
Allows suspending and resuming the thread via NtSuspendThread and NtResumeThread , respectively. |
THREAD_ALERT |
Allows waking the thread from an alertable wait via NtAlertThread . |
THREAD_GET_CONTEXT |
Allows retrieving the context (set of registers) of the thread via NtGetContextThread . |
THREAD_SET_CONTEXT |
Allows changing the context of the thread via NtSetContextThread and queuing APCs via NtQueueApcThread . |
THREAD_SET_INFORMATION |
Allows setting most information classes via NtSetInformationThread . |
THREAD_QUERY_INFORMATION |
Allows querying most information classes via NtQueryInformationThread . |
THREAD_SET_THREAD_TOKEN |
Allows setting thread impersonation token via NtSetInformationThread with ThreadImpersonationToken . |
THREAD_IMPERSONATE |
Allows using the thread as a server during direct impersonation via NtImpersonateThread . |
THREAD_DIRECT_IMPERSONATION |
Allows using the thread as a client during direct impersonation via NtImpersonateThread . |
THREAD_SET_LIMITED_INFORMATION |
Allows setting some information classes via NtSetInformationThread . The system automatically includes this right if the caller requested THREAD_SET_INFORMATION . |
THREAD_QUERY_LIMITED_INFORMATION |
Allows querying some information classes via NtQueryInformationThread . The system automatically includes this right if the caller requested THREAD_QUERY_INFORMATION . |
THREAD_RESUME |
Allows resuming the thread via NtResumeThread . The system automatically includes this right if the caller requested THREAD_SUSPEND_RESUME . |
THREAD_ALL_ACCESS |
All of the above plus standard rights. |
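This function bypasses some access checks if the caller has the SeDebugPrivilege enabled; a caller with that privilege enabled may therefore be granted access that the thread's security descriptor would otherwise deny.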
To avoid retaining unused resources, call NtClose
to close the returned handle when it is no longer required.
Instead of opening the current thread, consider using the NtCurrentThread
pseudo-handle.
[This function may be changed or removed from Windows without further notice. Use the OpenThread function instead.]
Opens a handle to a thread object with the access specified.
ThreadHandle [out]
A pointer to a variable that receives the thread object handle.
DesiredAccess [in]
An ACCESS_MASK data type that provides the desired types of access for the thread object.
ObjectAttributes [in]
A pointer to an OBJECT_ATTRIBUTES structure. The ObjectName member of this structure must be NULL.
Windows Server 2003 and Windows XP: The ObjectName member of this structure can point to an object name. If ObjectName is not NULL, the ClientId parameter must be NULL.
ClientId [in]
A pointer to a CLIENT_ID structure that identifies the thread to be opened.
Windows Server 2003 and Windows XP: A pointer to a CLIENT_ID structure that identifies the thread to be opened. This parameter can be NULL. If this parameter is not NULL, the ObjectName member of the structure pointed to by the ObjectAttributes parameter must be NULL.
Returns an NTSTATUS or error code.
The forms and significance of NTSTATUS error codes are listed in the Ntstatus.h header file available in the WDK, and are described in the WDK documentation.
This function has no associated header file. The associated import library, Ntdll.lib is available in the WDK. You can also use the LoadLibrary and GetProcAddress functions to dynamically link to Ntdll.dll.
Requirement | Value |
---|---|
DLL |
Ntdll.dll |
Pointer to received handle to thread object.
Access mask. See WinNT.h
for details.
Attributes of the thread to open. For standard threads these are empty.
Pointer to a CLIENT_ID structure. Only the UniqueThread member is required (unlike NtOpenProcess).